Cellular networks have conventionally been designed to include some security functionality. In the GSM EDGE Radio Access Network (GERAN) architecture, specified by the Third Generation Partnership Project (3GPP), packet-switched traffic to and from a User Equipment (UE), also termed Mobile Station (MS), using General Packet Radio Service (GPRS) is routed through a Serving GPRS Support Node (SGSN) in the Public Land Mobile Network (PLMN) in which the UE is operating. Encryption of user-plane data, together with a Cyclic Redundancy Check (CRC) for error detection, is supported between the UE and the SGSN.
Increasingly, cellular networks are being adapted to facilitate their use by Machine-to-Machine (M2M) type devices. These are often configured to communicate with a server that is either part of the Home PLMN of the device or in communication with it (the device typically comprising a UE configured with a subscription to the Home PLMN). The server may be in communication with the Gateway GPRS Support Node (GGSN) in the Home PLMN. In some circumstances, the M2M device will be roaming, so the SGSN will be in the Visited PLMN, whilst the GGSN remains in the Home PLMN. The GPRS Tunnelling Protocol (GTP) allows communication between the SGSN and GGSN and, since this communication typically occurs within an operator-administered environment (whether intra-PLMN or inter-PLMN), the security of these interfaces has been considered to be sufficient.
However, from an application-level perspective, the customer may not be satisfied with the level of security within the mobile network, especially the absence of ciphering or integrity protection between the SGSN and GGSN. This may be especially problematic when the UE is operating outside its Home PLMN. Even if the link between a visited SGSN and the GGSN can be secured, there is still the risk that communication between the MS and the application server may be intercepted in a visited network (e.g. at the visited SGSN), with which the customer may not have a contractual relationship.
In the third GERAN teleconference on Cellular Internet of Things (IoT), the need for secure transfer of both signalling and user data for Cellular IoT applications was highlighted. For an approach using the Gb interface (between the Base Station Subsystem and the SGSN), it was identified that integrity protection is not supported between the MS and the SGSN, and that user-plane security between the MS and SGSN might benefit from more secure encryption algorithms, such as GEA4. However, for both the Gb interface architecture approach and an option based on the S1 interface (between an eNodeB and the core network), user-plane encryption does not extend to the GGSN/Packet Data Network (PDN) gateway (or a nearby Machine-Type Communication (MTC) server).
Customers may therefore decide to run their own application-layer security mechanisms end-to-end, between their application server and the UE. End-to-end security protocols, such as Datagram Transport Layer Security (DTLS), between the MS and an application server provide one way of securing the communication between the MS and a Cellular IoT application server, irrespective of the nature of the security over the radio access and within the cellular network domain (including both the home network and the visited network).
One of the main drawbacks of supporting existing end-to-end security protocols for Cellular IoT devices is the amount of security-related signalling (for example, protocol overheads such as DTLS handshakes) that needs to be exchanged between the MS and the application server before any useful information, usually a small data packet, can be sent. The signalling overhead will not only reduce the radio access capacity but, more importantly, increase the energy consumption of the M2M device. This may make it difficult to achieve the objective of having devices last for years on standard battery power.
As a result, this approach will add a significant level of signalling overhead before any useful application data can be transmitted, unless the process can be optimised. For M2M type applications, it is likely that only small packets of data will need to be sent at relatively long time intervals (for example, hours or even days). Moreover, it is expected that M2M data will be transmitted over narrowband cellular systems using small chunks of spectrum, with very low throughput capabilities. Introducing end-to-end application-layer security for M2M applications, without any optimisation of the signalling exchanges, will add a significant overhead to the number of signalling bits that need to be transmitted in order to convey each information bit. This may not only affect the capacity of the system but, more importantly, may affect the battery life of M2M devices, which are expected to operate for years on battery power.
It is thus desirable that security in cellular networks is either improved in an efficient way, removing the need for end-to-end security between the application server and the UE, or that an optimised end-to-end security mechanism is developed which reduces the signalling overhead required to establish security between the UE and an application server. Enhancements to the cellular network security framework that achieve these aims are valuable.